From bb36498aa7475bedcb6ed2f5e4c1c5b307829caa Mon Sep 17 00:00:00 2001 From: Juan Vidal Allende Date: Mon, 13 Feb 2023 15:38:16 +0100 Subject: [PATCH 1/2] docker: remove support for ubi-8 The builder for docker images based on ubi-8 images is broken, and it generates docker images that are heavy and contain more artifacts than they need to. It also installs RPM packages from CentOS that, although seem to be compatible with ubi-8, may diverge at some point (remember that CentOS now does not track RHEL closely). Signed-off-by: Juan Vidal Allende --- docker/ubi-8/Dockerfile | 83 --------------------------------------- docker/ubi-8/build.sh | 46 ---------------------- docker/ubi-8/docker-start | 4 -- 3 files changed, 133 deletions(-) delete mode 100644 docker/ubi-8/Dockerfile delete mode 100755 docker/ubi-8/build.sh delete mode 100755 docker/ubi-8/docker-start diff --git a/docker/ubi-8/Dockerfile b/docker/ubi-8/Dockerfile deleted file mode 100644 index 1d1e8bdc6e..0000000000 --- a/docker/ubi-8/Dockerfile +++ /dev/null @@ -1,83 +0,0 @@ -# This stage builds an rpm from the source -FROM registry.access.redhat.com/ubi8/ubi:8.5 as ubi-8-builder - -RUN dnf -y update-minimal --security --sec-severity=Important --sec-severity=Critical - -RUN rpm --import https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official \ - && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os \ - && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os \ - && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os - -RUN dnf install -qy https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ - && dnf install --enablerepo=* -qy rpm-build git autoconf pcre-devel \ - systemd-devel automake libtool make readline-devel texinfo \ - net-snmp-devel pkgconfig groff pkgconfig json-c-devel pam-devel \ - bison flex python3-pytest c-ares-devel python3-devel python3-sphinx \ - libcap-devel platform-python-devel \ - https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \ - https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-devel-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \ - https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-0.8.0-1.el7.x86_64.rpm \ - https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-devel-0.8.0-1.el7.x86_64.rpm - - -COPY . /src - -ARG PKGVER - -RUN echo '%_smp_mflags %( echo "-j$(/usr/bin/getconf _NPROCESSORS_ONLN)"; )' >> /root/.rpmmacros \ - && cd /src \ - && ./bootstrap.sh \ - && ./configure \ - --enable-rpki \ - --enable-snmp=agentx \ - --enable-numeric-version \ - --with-pkg-extra-version="_palmetto_git$PKGVER" \ - && make dist \ - && cd / \ - && mkdir -p /rpmbuild/{SOURCES,SPECS} \ - && cp /src/frr*.tar.gz /rpmbuild/SOURCES \ - && cp /src/redhat/frr.spec /rpmbuild/SPECS \ - && rpmbuild \ - --define "_topdir /rpmbuild" \ - -ba /rpmbuild/SPECS/frr.spec - -# This stage installs frr from the rpm -FROM registry.access.redhat.com/ubi8/ubi:8.5 -RUN dnf -y update-minimal --security --sec-severity=Important --sec-severity=Critical -ARG FRR_IMAGE_TAG -ARG FRR_RELEASE -ARG FRR_NAME -ARG FRR_VENDOR -LABEL name=$FRR_NAME \ - vendor=$FRR_VENDOR \ - version=$FRR_IMAGE_TAG \ - release=$FRR_RELEASE - -RUN rpm --import https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official \ - && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os \ - && dnf config-manager --disableplugin subscription-manager --add-repo http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os - -RUN dnf install -qy https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ - && mkdir -p /pkgs/rpm \ - && dnf install --enablerepo=* -qy https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-2/CentOS-8-x86_64-Packages/libyang2-2.0.0.10.g2eb910e4-1.el8.x86_64.rpm \ - https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-00146/CentOS-7-x86_64-Packages/librtr-0.8.0-1.el7.x86_64.rpm - -COPY --from=ubi-8-builder /rpmbuild/RPMS/ /pkgs/rpm/ - -RUN dnf install -qy /pkgs/rpm/*/*.rpm \ - && rm -rf /pkgs \ -# Own the config / PID files - && mkdir -p /var/run/frr \ - && chown -R frr:frr /etc/frr /var/run/frr - -# Add tini because no CentOS8 package -ENV TINI_VERSION v0.19.0 -ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini -RUN chmod +x /sbin/tini - -# Simple init manager for reaping processes and forwarding signals -ENTRYPOINT ["/sbin/tini", "--"] - -# Default CMD starts watchfrr -COPY docker/ubi-8/docker-start /usr/lib/frr/docker-start -CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/ubi-8/build.sh b/docker/ubi-8/build.sh deleted file mode 100755 index 0216636893..0000000000 --- a/docker/ubi-8/build.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -set -e - -## -# Package version needs to be decimal -## -DISTRO=ubi-8 - -GITREV="$2" -if [ -z "$GITREV" ];then - GITREV="$(git rev-parse --short=10 HEAD)" -fi - -FRR_IMAGE_TAG="$1" -if [ -z $FRR_IMAGE_TAG ];then - FRR_IMAGE_TAG="frr:ubi-8-$GITREV" -fi -PKGVER="$(printf '%u\n' 0x$GITREV)" - -FRR_RELEASE="$3" -if [ -z $FRR_RELEASE ];then - FRR_RELEASE=$(git describe --tags --abbrev=0) -fi - -FRR_NAME=$4 -if [ -z $FRR_NAME ];then - FRR_NAME=frr -fi - -FRR_VENDOR=$5 -if [ -z $FRR_VENDOR ];then - FRR_VENDOR=frr -fi - -docker build \ - --cache-from="frr:$DISTRO-builder-$GITREV" \ - --file=docker/$DISTRO/Dockerfile \ - --build-arg="PKGVER=$PKGVER" \ - --build-arg="FRR_IMAGE_TAG=$FRR_IMAGE_TAG" \ - --build-arg="FRR_RELEASE=$FRR_RELEASE" \ - --build-arg="FRR_NAME=$FRR_NAME" \ - --build-arg="FRR_VENDOR=$FRR_VENDOR" \ - --tag="$FRR_IMAGE_TAG" \ - . - diff --git a/docker/ubi-8/docker-start b/docker/ubi-8/docker-start deleted file mode 100755 index d954142ab9..0000000000 --- a/docker/ubi-8/docker-start +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -source /usr/lib/frr/frrcommon.sh -/usr/lib/frr/watchfrr $(daemon_list) From b9640313599e3139e17770f2b9c68e2512edcb26 Mon Sep 17 00:00:00 2001 From: Juan Vidal Allende Date: Mon, 13 Feb 2023 15:42:34 +0100 Subject: [PATCH 2/2] docker: add support for ubi8-minimal Docker image based on ubi8-minimal are smaller in size than previous ones built with ubi8 as base. Also, due to proper cleanup of caches, the final image is about 400MB in size (down from ~630MB using the older ubi8 builder). This Dockerfile also uses packages built for RHEL (instead of CentOS), and updates dependencies so that it can compile latest FRR versions. Signed-off-by: Juan Vidal Allende --- docker/ubi8-minimal/Dockerfile | 132 +++++++++++++++++++++++++++++ docker/ubi8-minimal/almalinux.repo | 23 +++++ docker/ubi8-minimal/build.sh | 54 ++++++++++++ docker/ubi8-minimal/docker-start | 4 + 4 files changed, 213 insertions(+) create mode 100644 docker/ubi8-minimal/Dockerfile create mode 100644 docker/ubi8-minimal/almalinux.repo create mode 100755 docker/ubi8-minimal/build.sh create mode 100755 docker/ubi8-minimal/docker-start diff --git a/docker/ubi8-minimal/Dockerfile b/docker/ubi8-minimal/Dockerfile new file mode 100644 index 0000000000..adb04219be --- /dev/null +++ b/docker/ubi8-minimal/Dockerfile @@ -0,0 +1,132 @@ +# This stage builds an rpm from the source +ARG UBI8_MINIMAL_VERSION +FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION} as ubi8-minimal-builder + +RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8 + +ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo + +# ubi8-minimal comes with broken tzdata package installed, so we need to remove them +# and later reinstall it again: https://bugzilla.redhat.com/show_bug.cgi?id=1668185 +RUN rpm --quiet -e --nodeps tzdata >/dev/null 2>&1 + +RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \ + autoconf \ + automake \ + bison \ + c-ares-devel \ + flex \ + git \ + groff \ + json-c-devel \ + libcap-devel \ + libssh-devel \ + libtool \ + make \ + net-snmp-devel \ + openssl \ + pam-devel \ + pcre-devel \ + pkgconfig \ + platform-python-devel \ + python3-devel \ + python3-pytest \ + python3-sphinx \ + readline-devel \ + rpm-build \ + systemd-devel \ + texinfo \ + tzdata \ + && microdnf --disableplugin=subscription-manager clean all + +RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \ + && rpm -i /tmp/libyang2.rpm \ + && rm -f /tmp/libyang2.rpm + +RUN curl -sSL -o /tmp/libyang2-devel.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-devel-2.0.7-1.el8.x86_64.rpm \ + && rpm -i /tmp/libyang2-devel.rpm \ + && rm -f /tmp/libyang2-devel.rpm + +RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \ + && rpm -i /tmp/librtr.rpm \ + && rm -f /tmp/librtr.rpm + +RUN curl -sSL -o /tmp/librtr-devel.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-devel-0.8.0-1.el8.x86_64.rpm \ + && rpm -i /tmp/librtr-devel.rpm \ + && rm -f /tmp/librtr-devel.rpm + +COPY . /src + +ARG PKGVER + +RUN echo '%_smp_mflags %( echo "-j$(/usr/bin/getconf _NPROCESSORS_ONLN)"; )' >> /root/.rpmmacros \ + && cd /src \ + && ./bootstrap.sh \ + && ./configure \ + --enable-rpki \ + --enable-snmp=agentx \ + --enable-numeric-version \ + --with-pkg-extra-version="_git$PKGVER" \ + && make dist \ + && cd / \ + && mkdir -p /rpmbuild/{SOURCES,SPECS} \ + && cp /src/frr*.tar.gz /rpmbuild/SOURCES \ + && cp /src/redhat/frr.spec /rpmbuild/SPECS \ + && rpmbuild \ + --define "_topdir /rpmbuild" \ + -ba /rpmbuild/SPECS/frr.spec + +# This stage installs frr from the rpm +FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI8_MINIMAL_VERSION} +ARG FRR_IMAGE_TAG +ARG FRR_RELEASE +ARG FRR_NAME +ARG FRR_VENDOR +LABEL name=$FRR_NAME \ + vendor=$FRR_VENDOR \ + version=$FRR_IMAGE_TAG \ + release=$FRR_RELEASE + +ADD docker/ubi8-minimal/almalinux.repo /etc/yum.repos.d/almalinux.repo + +RUN rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8 + +RUN microdnf --disableplugin=subscription-manager --setopt=install_weak_deps=0 install \ + c-ares \ + initscripts \ + net-snmp-agent-libs \ + net-snmp-libs \ + openssl \ + python3 \ + shadow-utils \ + systemd \ + && microdnf --disableplugin=subscription-manager clean all + +RUN curl -sSL -o /tmp/libyang2.rpm https://ci1.netdef.org/artifact/LIBYANG-LIBYANGV2/shared/build-12/RedHat-8-x86_64-Packages/libyang2-2.0.7-1.el8.x86_64.rpm \ + && rpm -i /tmp/libyang2.rpm \ + && rm -f /tmp/libyang2.rpm + +RUN curl -sSL -o /tmp/librtr.rpm https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/RedHat-8-x86_64-Packages/librtr-0.8.0-1.el8.x86_64.rpm \ + && rpm -i /tmp/librtr.rpm \ + && rm -f /tmp/librtr.rpm + +COPY --from=ubi8-minimal-builder /rpmbuild/RPMS/ /pkgs/rpm/ + +# Install packages and create FRR files and folders. Be sure to own the config / PID files +RUN rpm -i /pkgs/rpm/x86_64/*.rpm \ + && rm -rf /pkgs \ + && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \ + && mkdir -p /var/run/frr \ + && chown -R frr:frr /etc/frr /var/run/frr + +# There is no package for tini, add it manually +ENV TINI_VERSION v0.19.0 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini +RUN chmod +x /sbin/tini + +# Simple init manager for reaping processes and forwarding signals +ENTRYPOINT ["/sbin/tini", "--"] + +# Default CMD starts watchfrr +COPY docker/ubi8-minimal/docker-start /usr/lib/frr/docker-start +CMD ["/usr/lib/frr/docker-start"] diff --git a/docker/ubi8-minimal/almalinux.repo b/docker/ubi8-minimal/almalinux.repo new file mode 100644 index 0000000000..9b9877b180 --- /dev/null +++ b/docker/ubi8-minimal/almalinux.repo @@ -0,0 +1,23 @@ +[AlmaLinux - baseos] +name=AlmaLinux $releasever - BaseOS +mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos +# baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/ +enabled=1 +gpgcheck=1 +countme=1 + +[AlmaLinux - appstream] +name=AlmaLinux $releasever - AppStream +mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream +# baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/ +enabled=1 +gpgcheck=1 +countme=1 + +[AlmaLinux - powertools] +name=AlmaLinux $releasever - PowerTools +mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/powertools +# baseurl=https://repo.almalinux.org/almalinux/$releasever/PowerTools/$basearch/os/ +enabled=1 +gpgcheck=1 +countme=1 diff --git a/docker/ubi8-minimal/build.sh b/docker/ubi8-minimal/build.sh new file mode 100755 index 0000000000..2aa45c9bf5 --- /dev/null +++ b/docker/ubi8-minimal/build.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +## +# Package version needs to be decimal +## +DISTRO=ubi8-minimal + +UBI8_MINIMAL_VERSION=$1 +if [ -z "$UBI8_MINIMAL_VERSION" ]; then + UBI8_MINIMAL_VERSION="latest" +fi + +GITREV="$2" +if [ -z "$GITREV" ];then + GITREV="$(git rev-parse --short=10 HEAD)" +fi + +FRR_IMAGE_TAG="$3" +if [ -z $FRR_IMAGE_TAG ];then + FRR_IMAGE_TAG="frr:ubi8-minimal-$GITREV" +fi +PKGVER="$(printf '%u\n' 0x$GITREV)" + +FRR_RELEASE="$4" +if [ -z $FRR_RELEASE ];then + FRR_RELEASE=$(git describe --tags --abbrev=0) +fi + +FRR_NAME=$5 +if [ -z $FRR_NAME ];then + FRR_NAME=frr +fi + +FRR_VENDOR=$6 +if [ -z $FRR_VENDOR ];then + FRR_VENDOR=frr +fi + +DOCKERFILE_PATH="$(dirname $(realpath $0))/Dockerfile" + +docker build \ + --cache-from="frr:$DISTRO-builder-$GITREV" \ + --file="$DOCKERFILE_PATH" \ + --build-arg="UBI8_MINIMAL_VERSION=$UBI8_MINIMAL_VERSION" \ + --build-arg="PKGVER=$PKGVER" \ + --build-arg="FRR_IMAGE_TAG=$FRR_IMAGE_TAG" \ + --build-arg="FRR_RELEASE=$FRR_RELEASE" \ + --build-arg="FRR_NAME=$FRR_NAME" \ + --build-arg="FRR_VENDOR=$FRR_VENDOR" \ + --tag="$FRR_IMAGE_TAG" \ + . + diff --git a/docker/ubi8-minimal/docker-start b/docker/ubi8-minimal/docker-start new file mode 100755 index 0000000000..d954142ab9 --- /dev/null +++ b/docker/ubi8-minimal/docker-start @@ -0,0 +1,4 @@ +#!/bin/bash + +source /usr/lib/frr/frrcommon.sh +/usr/lib/frr/watchfrr $(daemon_list)